218 matches found
Microsoft Windows Wordpad / Windows Shell code execution
Code execution via embedded COM object...
Cumulative Security Update for Internet Explorer (931768)
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4, 6 SP1 on Windows 2000 SP4, 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2, and possibly 7 on Windows Vista does not properly instantiate certain COM objects as ActiveX controls, which allows remote attackers to execute...
Microsoft Windows COM Object Validation Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Excel, PowerPoint, Publisher, Visio, Wordpad, or Word file. Successful exploits would allow the attacker to execute arbitrary code in the...
Microsoft Data Analyzer ActiveX控件栈破坏漏洞(MS10-008)
BUGTRAQ ID: 38045 CVE ID: CVE-2010-0252 Microsoft Data Analyzer ActiveX控件允许从基于COM的开发应用程序(如Visual Basic)以编程方式控制Data Analyzer。 在Internet Explorer中实例化Microsoft Data Analyzer ActiveX控件(max3activex.dll)时,该控件可能会破坏栈状态,导致执行任意代码。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP...
Windows Scripts Access Bypass
// use www.iq-ty.com/bypass.php?iq=dir Run'c:\windows\system32\cmd.exe /c '.escapeshellarg$GETiq.' '.dirname$SERVERSCRIPTFILENAME.'/iq-security.txt'; for $i=0; $i...
openSUSE Security Update : seamonkey (seamonkey-1738)
The Mozilla SeaMonkey browser suite was updated to version 2.0.1, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption 1.9.0.16 - MFSA 2009-68/CVE-2009-3983 bmo487872 NTLM reflectio...
Internet Explorer COM Object Instantiation Memory Corruption (MS06-021; CVE-2006-1303)
Microsoft Internet Explorer is the most widely used web browser application. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. The browser is also compatible with Microsoft's Common Object Model COM scheme, whereby...
Firefox GeckoActiveXObject异常消息COM对象枚举漏洞
BUGTRAQ ID: 37360 CVECAN ID: CVE-2009-3987 Firefox是一款流行的开源WEB浏览器。 Mozilla的GeckoActiveXObject所生成的异常消息会根据系统注册表中是否存在所请求COM对象的ProgID而不同,恶意站点可以根据这个差异枚举出用户系统上所安装的COM对象列表,并创建配置文件跨浏览会话追踪用户。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 厂商补丁: Mozilla -------...
CVE-2009-3987
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...
Internet Explorer COM Object Instantiation Memory Corruption (CVE-2006-4495)
Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model COM technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating an object. ...
PPstream 2.6.86.8900 PPSMediaList ActiveX Remote BOF PoC
No description provided by source. !-- PPStream is the most huge p2p media player in the world. There are two hundred million ppstream users in the world. The vulnerability is exploitable,but I have no time to make it,you could visit my blog for detail.^@^ welcome to http://0dayexpose.blogspot.co...
Microsoft Visual Studio MaskedEdit ActiveX Control Buffer Overflow (MS08-070; CVE-2008-3704)
Microsoft Visual Studio is designed for building Windows based applications and Web solutions. A buffer overflow vulnerability has been reported in Microsoft Visual Studio. The vulnerability is due to a memory corruption error in the Visual Basic MaskedEdit ActiveX control when it fails to proper...
iseemedia LPViewer ActiveX Control Multiple Buffer Overflows (CVE-2008-4384)
iseemedia is a software development company focused on the commercialization of advanced, rich content adaptation and distribution solutions for Web applications. iseemedia's platforms are used by websites worldwide. The iseemedia LPViewer ActiveX control contains multiple buffer overflow...
Microsoft Windows Media Encoder 9 ActiveX Control Buffer Overflow (MS08-053; CVE-2008-3008)
Windows Media Encoder is a tool for capturing audio and video content. A remote code execution vulnerability has been reported in the Windows Media Encoder 9 Series.The vulnerability is due to an error in a Windows Media Encoder 9 Series ActiveX control that was never intended to be instantiated ...
Microgaming Download Helper ActiveX Remote Code Execution (CVE-2007-2177)
ActiveX controls are reusable software components based on Microsoft Component Object Model COM. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in a Microgaming Download Helper ActiveX control. To trigger this issue, an...
MS Internet Explorer (blnmgr.dll) COM Object Remote Exploit (MS05-038)
No description provided by source. !-- placed into html for your testing. /str0ke !/usr/bin/perl Internet Explorer COM Objects Instantiation Proof of Concept Exploit MS05-038 Bindshell on port 28876 - Based and ripped from Berend-Jan Wever's IE Exploit Vulnerable Objects :...
MS Internet Explorer (javaprxy.dll) COM Object Remote Exploit
No description provided by source. !-- update frsirt updated the comments to reflect skylined's code + gpl. /str0ke Perl code is commented so people can test the vuln on their IE /str0ke !/usr/bin/perl Microsoft Internet Explorer "javaprxy.dll" COM Object Exploit -Unpatched- Proof of Concept by t...
Memory corruption
The ActiveX Control yNotifier.dll in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption...
mso-dos.txt
MSODataSourceControl.DeleteRecordSourceIfUnused COM-object B0F POC Tested on full patched XP/SP2, IE7, MSO2003 var b = 'AAAA'; while b.length...
Microsoft IE URLMON.DLL COM对象实例化无效内存访问漏洞(MS07-033)
Internet Explorer是一款非常流行的WEB浏览器。 Internet Explorer在创建某些COM对象时存在内存破坏漏洞,成功利用此漏洞的攻击者可能完全控制受影响的系统。 如果调用了IObjectSafety函数的话,可能会访问未初始化的内存,导致执行任意代码。 攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4 临时解决方...